|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
For interoperability with different IDP's, we need to be able to specify both a entityID and an ACS URL separately. Its not a problem to specify the entityID in the config...you can make it all the same if the IDP supports anonymous relying parties (because it doesn't need metadata), but having to specify the ACS URL for each app is a pain and seems unnecessary.
The ACS URL has to point to a protected resource of the app or the SAML assertion will never be read and the user will never be logged in. Protected resources can differ from app to app and the ACS URL isn't even the URL that a user gets redirected to after the Picketlink login module generates principals. Since Picketlink already knows what protected resource a user is trying to access before it redirects them to the IDP, it would be very helpful if it defaulted the ACS URL to be the originally requested URL of the protected resource.